aaa

roles/docker/tasks/main.yml

@@ -1,4 +1,7 @@
 - block:
+  - name: print arch
+    debug:
+      msg: "{{ ansible_architecture }}"
   - name: Install docker
     ansible.builtin.apt:
       name: 
@@ -17,6 +20,13 @@
   - name: Get keys for raspotify
     ansible.builtin.shell:
       curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+    when:
+        - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
+  - name: Get keys for raspotify
+    ansible.builtin.shell:
+      curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc     
+    when:
+        - ansible_distribution == "Ubuntu"
 
   - name: Get keys for raspotify
     ansible.builtin.shell:
@@ -24,7 +34,13 @@
 
   - name: Get keys for raspotify
     ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
+    when:
+        - ansible_distribution == "Debian"  and ansible_distribution_major_version  == "12"
+  - name: Get keys for raspotify
+    ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+    when:
+    - ansible_distribution == "Ubuntu"
+    
   - name: Install docker
     ansible.builtin.apt:
       name: 
@@ -40,18 +56,58 @@
       path: /etc/systemd/system/docker.service.d/
       state: directory
       mode: '0755'
-
+  - name: Create a directory for certs
+    ansible.builtin.file:
+      path: /etc/docker/certs
+      state: directory
+      mode: '0700'
+  - name: Copy files
+    copy:
+      src: server-key.pem
+      dest: /etc/docker/certs/
+  - name: Copy files
+    copy:
+      src: ca.pem
+      dest: /etc/docker/certs/
+  - name: Copy files
+    copy:
+      src: server-cert.pem
+      dest: /etc/docker/certs/      
   - name: Creating a file with content
     copy:
       dest: "/etc/systemd/system/docker.service.d/override.conf"
       content: |
         [Service]
         ExecStart=
-        ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375
+        ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify     --tlscacert=/etc/docker/certs/ca.pem     --tlscert=/etc/docker/certs/server-cert.pem     --tlskey=/etc/docker/certs/server-key.pem     -H=0.0.0.0:2376
     notify: restart_docker
+    when:  mode == "nocert" 
+  - name: Creating a file with content
+    copy:
+      dest: "/etc/systemd/system/docker.service.d/override.conf"
+      content: |
+        [Service]
+        ExecStart=
+        ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify     --tlscacert=/etc/docker/certs/ca.pem     --tlscert=/etc/docker/certs/server-cert.pem     --tlskey=/etc/docker/certs/server-key.pem     -H=0.0.0.0:2376
+    notify: restart_docker
+    when:  mode != "nocert" 
 
   - name: Just force systemd to reread configs
     ansible.builtin.systemd:
       daemon_reload: true
 
+  - name: Restart docker service
+    ansible.builtin.service:
+      name: docker
+      state: restarted
+
+  # - name: Get keys for raspotify
+  #   ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions
+  - name: Install a plugin
+    community.docker.docker_plugin:
+      plugin_name: grafana/loki-docker-driver:3.3.2
+      alias: loki
+      state: present
+
+
   become: true